[57] ABSTRACT

Improved methods and apparatus are provided for protecting 
public key schemes based on modular exponentiation 
(including RSA and Diffie-Hellman) from indirect cryptanalytic techniques such as timing and fault attacks. Known
methods for making the implementation of number-theoretic 
schemes resistant to such attacks typically double their 
running time, whereas the novel methods and apparatus 
described in this patent add only negligible overhead. This 
improvement is particularly significant in smart card and 
software-based implementations, in which the modular 
exponentiation operation is quite slow, and doubling its time 
may be an unacceptable solution. 
METHOD AND APPARATUS FOR
PROTECTING PUBLIC KEY SCHEMES 
FROM TIMING AND FAULT ATTACKS 

FIELD OF INVENTION

The present invention relates to novel techniques, meth- 
ods and apparatus, for making number-theoretic public key 
schemes (including encryption schemes, signature schemes, 
identification schemes, key management schemes, etc.)
resistant to timing and fault attacks. 

BACKGROUND OF INVENTION 
1. Introduction 

The simplest attack on a given cryptosystem is to exhaustively search for the key. There are many variants of this attack (known ciphertext, known cleartext, chosen cleartext, etc.), but they are all based on a procedure which tries the keys one by one until the correct key is encountered. If the key consists of n random bits, the expected running time of this procedure is 2^(n-1). This attack can be easily foiled by using a large enough n (e.g., n>100).

To attack cryptosystems with large keys, cryptanalysts try 
to find mathematical or statistical weaknesses which reduce 
the size of the search space (preferably to 1). Although many
techniques and results are classified for national security 
reasons, it is safe to assume that it is increasingly difficult to 
find such weaknesses in modern schemes designed by 
experienced cryptographers and implemented on high speed 
microprocessors.

To successfully attack strong cryptosystems, the cryptana- 
lyst must use indirect techniques. This is best done when the 
cryptanalyst is either in close physical proximity to the 
cryptographic device, or has it under his complete control.
The cryptographic device is assumed to be a black box 
which contains a known algorithm and an unknown key. The 
cryptanalyst cannot open this box and read its key, but he can 
observe its behavior under various circumstances. 

One of the best known examples of such an indirect attack
is TEMPEST, which tries to deduce the key by analyzing 
electromagnetic radiation emanating from the black box 
during the computation of the ciphertext. Techniques for 
applying and preventing such attacks have been extensively 
studied for more than 50 years, and by now this is a well
understood problem. 

Two powerful indirect attacks were discovered and published recently: In December 1995, P. Kocher, "Cryptanalysis of Diffie-Hellman, RSA, DSS, and Other Systems Using Timing Attacks," technical report, 12/7/95, described a timing attack, and in September 1996, D. Boneh, R. A. Demillo and R. J. Lipton, "On the Importance of Checking Computations," technical report, 9/25/96 (an extended version appears in the Proceedings of Eurocrypt 97, May 1997) described a fault attack. Both attacks were originally designed for and are most successful against public key schemes based on number theoretic principles, such as RSA, but they were later extended to classical cryptosystems as well (e.g., by E. Biham and A. Shamir, "A New Cryptanalytic Attack on DES," technical report, 10/18/96. An extended version appears in the Proceedings of Crypto 97, August 1997).

Such attacks are particularly useful when the scheme is 
implemented on a smart card, which is distributed by a bank, 
computer network, cellular phone operator, or pay-TV
broadcaster to its customers. Hackers do not usually have the 
financial and technical resources required to read the contents of the key registers inside the smart card, but they have
complete control on the input/output, clock, reset, and power 
connections of the smart card. They can carefully measure 
the duration of the various operations, how much power they 
consume, what happens when the computation is interrupted 
or carried out under abnormal operating conditions, etc. 
Since the tests are carried out in the privacy of the custom- 
er's home, the card manufacturer cannot prevent them or 
even learn about their existence. 
2. Timing Attacks 

Timing attacks are based on the assumption that some of 
the basic operations carried out during the cryptographic 
calculation require a non-constant amount of time which 
depends on the actual values being operated upon. This 
implies that some information about these unknown inter- 
mediate values leaks out by measuring the length of the 
cryptographic computation. If these intermediate values are 
computed from known cleartext bits and unknown key bits 
by a known cryptographic algorithm, the attacker can try to 
use the leaked intermediate values to deduce the key. 

The main difficulty in carrying out this attack is that the 
attacker knows only the total amount of time required to 
carry out the cryptographic computation, but not the timing 
of individual computational steps. Kocher's main contribu- 
tion is in developing an efficient technique for handling this 
difficulty in many cases of practical interest. 

For the sake of concreteness, we describe Kocher's attack 
on the RSA cryptosystem. The black box is assumed to 
contain a publicly known modulus n and a secret exponent 
d. Given an input number x, the box performs the modular
exponentiation x^d (mod n) by using the standard square-and-multiply
technique. In this description, the symbol "^" is
exponentiation and the symbol "_" is a subscript. The result
(which can be the decryption of the ciphertext x, the 
signature of the message x, or the response to a random 
identification challenge x, depending on the application) is 
sent out as soon as it is produced, and thus the attacker can 
measure the total number of clock cycles taken by all the 
modular multiplications. 

Standard implementations of modular multiplication 
require a non-constant amount of time, since they skip 
multiplication steps involving leading zeroes, and reduction 
steps when the result is smaller than the modulus. The 
attacker chooses a large number of random inputs x, and measures the actual timing distribution T_0 of the modular exponentiation operation carried out by the black box. He then computes for each x (by computer simulation, using his knowledge of how the scheme is implemented) the precise timing of an initial square-only operation, and separately, the precise timing of an initial square-and-multiply operation. The result is a pair of timing distributions T_1 and T_2, which are not identical. All the cryptographic computations carried out in the black box use the same exponent d, and its first bit determines which one of the two computed distributions T_1 and T_2 is the initial part of the experimentally measured T_0. The timing of the remaining steps of the computation can be assumed to be a random variable R, which is normally distributed and uncorrelated with either T_1 or T_2. Since T_0 is either T_1+R or T_2+R, the attacker can decide which case is more likely by finding which one of the two distributions T_0-T_1 and T_0-T_2 has a lower variance.
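The variance test just described, carried through bit by bit as the next paragraph explains, as an added simulation that is not part of the patent. The black box is a left-to-right square-and-multiply with a constructed leak: every modular multiplication costs one time unit plus one more when its reduced result lies in the upper half of [0, n), standing in for an optional final reduction step. The modulus, the 12-bit secret exponent, the sample count and the random seed are constructed choices, and the attacker is assumed to know the exponent length and the exact implementation. Because each step's extra cost depends only on that step's own result, the step costs are uncorrelated, which is precisely the assumption behind comparing the variances of T_0-T_1 and T_0-T_2; real Montgomery-style implementations leak in a correlated way and practical attacks on them use refined statistics.

```python
import random
from statistics import pvariance

N_MOD = (1 << 31) - 1        # public modulus (constructed; a Mersenne prime)
D_BITS = 12                  # toy secret exponent length, assumed known to the attacker
D_SECRET = 0b101101100111    # constructed secret exponent d


def timed_mul(a, b, n):
    """Modular multiplication with a constructed data-dependent cost.

    Every multiplication costs 1 unit, plus 1 more when the reduced result
    lies in the upper half of [0, n); this stands in for the optional final
    reduction step of a real implementation.  The attacker can simulate it
    exactly once he knows the operands.
    """
    r = a * b % n
    return r, 1 + (r >= n // 2)


def device_exponentiate(x, d, n, bits):
    """The black box: left-to-right square-and-multiply, returning (x^d mod n, total time)."""
    acc, total = 1, 0
    for k in range(bits - 1, -1, -1):
        acc, c = timed_mul(acc, acc, n)
        total += c
        if (d >> k) & 1:
            acc, c = timed_mul(acc, x, n)
            total += c
    return acc, total


def collect_samples(count, seed=1):
    """Attacker's measurements: (input x, observed total time) for random inputs."""
    rng = random.Random(seed)
    samples = []
    for _ in range(count):
        x = rng.randrange(2, N_MOD)
        _, t = device_exponentiate(x, D_SECRET, N_MOD, D_BITS)
        samples.append((x, t))
    return samples


def recover_exponent(samples, n, bits):
    """Kocher's attack: for each bit, simulate the next step under both hypotheses
    and keep the one whose residual (observed time minus simulated prefix time)
    has the lower variance; the wrong hypothesis adds an uncorrelated term."""
    # Per sample: the attacker's simulated accumulator and simulated time so far.
    state = [(1, 0)] * len(samples)
    d = 0
    for _ in range(bits):
        guess = {0: [], 1: []}          # (new accumulator, new prefix time, residual)
        for (x, t), (acc, spent) in zip(samples, state):
            sq, c_sq = timed_mul(acc, acc, n)                 # hypothesis: bit = 0
            guess[0].append((sq, spent + c_sq, t - spent - c_sq))
            m, c_mul = timed_mul(sq, x, n)                    # hypothesis: bit = 1
            guess[1].append((m, spent + c_sq + c_mul, t - spent - c_sq - c_mul))
        var0 = pvariance([res for _, _, res in guess[0]])
        var1 = pvariance([res for _, _, res in guess[1]])
        bit = 0 if var0 < var1 else 1
        d = (d << 1) | bit
        state = [(acc, spent) for acc, spent, _ in guess[bit]]
    return d


def run_attack(sample_count=6000):
    """Returns (recovered exponent, true exponent)."""
    samples = collect_samples(sample_count)
    return recover_exponent(samples, N_MOD, D_BITS), D_SECRET


if __name__ == "__main__":
    recovered, actual = run_attack()
    print(f"recovered d = {recovered:#b}, actual d = {actual:#b}, match = {recovered == actual}")
```

Each bit decision uses all samples, and the residual variance shrinks as more of the exponent becomes known, so later bits are decided with a larger margin than the first one; 6000 samples is far more than this toy needs, and is chosen so that the decision is unambiguous rather than merely likely.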

After finding the first bit of the secret exponent d, the attacker knows the actual inputs to the second computational step, and thus he can apply the same technique (with properly modified experimental and simulated timing distributions T_0, T_1, and T_2) to find the second bit of d. By repeating this procedure about 1000 times, he can compute all the bits of d, and thus break the RSA scheme.

A similar timing attack can be applied to any cryptographic scheme in which the black box raises all its inputs x_1, x_2, ... to the same secret power d modulo the same known n (which can be either a prime or a composite number). For example, in one of the variants of the Diffie-Hellman key distribution scheme, all the users agree on a prime modulus n and on a generator g of the multiplicative group Z*_n. Each user chooses a random secret exponent d, and computes y=g^d (mod n) as his public key. To establish a common secret key with another user, the first user sends out his public key y=g^d (mod n) and receives a similarly computed public key x=g^e (mod n) from the other user. Their common cryptographic key is z=g^(d*e) (mod n), which the first user computes by evaluating x^d (mod n). When the first user communicates with several parties, he raises several known values x_1, x_2, ... to the same secret power d modulo the same known modulus n. By measuring the timing of sufficiently many such computations, the attacker can determine d and thus find all the cryptographic keys z_1, z_2, ... employed by that user.

The timing attack has to be modified if the computation of x^d (mod n) for a composite modulus n=p*q is carried out by computing x^d (mod p), x^d (mod q), and combining the results by the Chinese Remainder Theorem (CRT). This is a common way of making the computation about 4 times faster when the factorization of n is known. The problem for the attacker is that he does not know the secret factors p and q of the public modulus n, and thus cannot simulate the timing distributions T_1 and T_2. Kocher's solution is to concentrate on the first step of the CRT computation, in which the input x is reduced modulo p. If x is smaller than p, no modular reduction is required, and thus the computation is considerably faster than when x is larger than or equal to p. The attacker thus presents to the black box a large number of inputs x which are very close to each other, and uses the average time of such computations to decide whether these x's are above or below p. A decision procedure for this question can be repeatedly used to find the precise value of p by binary search.

Shortly after the discovery of this attack, researchers tried to develop implementations which are immune to it. The simplest idea is to make sure that all the cryptographic operations take exactly the same amount of time, regardless of the values of the cleartexts and keys. However, achieving this is surprisingly difficult for the following reasons:

(a) In many cases, the implementor wants to run the same algorithm in software on different (and perhaps unknown) machines. An implementation which is constant time on one microprocessor may be variable time on another microprocessor or even on an enhanced version of the same microprocessor.

(b) On a multitasking machine the running time may depend on the amount of free memory, the cache hit rate, the number of external interrupts, etc. This can change a constant time implementation under one set of circumstances into a variable time implementation under another set of circumstances.

(c) If the implementor tries to use a real time clock to force all the computations to take the same amount of time, he must slow all of them down to their worst cases. Since he cannot use any input-dependent optimization technique, the implementation is likely to be unacceptably slow.

The best protective technique proposed so far against Kocher's timing attack on modular exponentiation is to replace each input x by a modified version y=x*r (mod n) where r is a secret random number between 1 and n-1. To compute x^d (mod n), the program computes y^d (mod n) and r^d (mod n), and then uses the multiplicative property of modular exponentiation to compute x^d (mod n) as y^d/r^d (mod n). Since both y and r are unknown, the attacker cannot simulate these computations in order to find the successive bits of d in the non-CRT computation, and cannot perform binary search in the CRT version of the computation. Unfortunately, this randomization technique doubles the expected running time of the computation.

3. Fault Attacks

Fault attacks try to introduce errors into the cryptographic computation, and to identify the key by analyzing the mathematical and statistical properties of the erroneously computed results. The main techniques suggested so far for introducing such errors are the use of ionizing radiation, unusual operating temperatures, power and clock glitches, and laser-based chip microsurgery. Some of the attacks are differential (i.e., they carry out both a correct and an erroneous computation with the same input and analyze their differences), while other attacks just use the erroneous results.

The original fault attack on public key cryptosystems was described in Boneh, Demillo and Lipton, and required several cryptographic computations. We now describe an improved version of this attack, due to Arjen Lenstra, which requires a single faulty computation. We assume that the black box uses the RSA scheme to sign a given message x. The computation of x^d (mod n) is carried out with the CRT method by first reducing x modulo p and q to get x_1 and x_2, then computing y_1=x_1^d (mod p) and y_2=x_2^d (mod q), and finally combining y_1 and y_2 to get the signature y (mod n) with the CRT method. We assume that a single error is introduced at a random time during this computation by applying mild physical stress to the black box. Without loss of generality, we can assume that the error was introduced during the computation of x_1^d (mod p), and thus instead of getting the correct y_1, the box computed an erroneous y'_1. When y'_1 and y_2 are combined by the CRT method, the box computes an incorrect signature y' which is provided to the attacker.

The main observation is that the attacker knows the signature verification exponent e, for which y^e=x (mod n). Due to the error, y'^e-x is non-zero mod p, but zero mod q, and thus it is a multiple of q which is not a multiple of n. The attacker can thus factor n by computing the greatest common divisor of y'^e-x (mod n) and n, which is an easy computation.

To protect cryptographic schemes against fault attacks, Boneh, Demillo and Lipton recommend that each computation should be carried out twice (preferably by different algorithms). If any discrepancy is found between the two results, the box should not output anything. This provides strong protection from random faults (which are unlikely to affect the two computations in an identical way), but it slows down the computation by a factor of 2. Such a slowdown is particularly noticeable in smart card implementations of public key schemes, which are quite slow to begin with.

SUMMARY OF THE INVENTION

The present invention relates to method and apparatus for providing protective techniques for public key schemes, which provide strong protection against the described timing and fault attacks without incurring the twofold slowdown made necessary by the previously known protective techniques.
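Lenstra's single-fault attack from the Background section, together with the compute-twice defence that the invention sets out to improve on, as an added, runnable example that is not part of the patent. The toy RSA key (two Mersenne primes), the message representative and the "fault" (one flipped bit in the mod-p half y_1 before recombination) are constructed for the example; with a real key the gcd step is identical.

```python
from math import gcd

# Constructed toy RSA key: two Mersenne primes, so the example is deterministic and
# self-contained.  Real keys use large random primes; the attack works the same way.
P, Q = (1 << 31) - 1, (1 << 61) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+ modular inverse)
Q_INV_P = pow(Q, -1, P)             # q^-1 mod p, for Garner's CRT recombination


def crt_sign(x, fault_in_p=False):
    """Signature y = x^d mod n computed with the CRT.

    fault_in_p=True flips one bit of the mod-p half y_1 before recombination, the
    constructed stand-in for a glitch injected during that half of the computation.
    """
    y1 = pow(x % P, D % (P - 1), P)
    y2 = pow(x % Q, D % (Q - 1), Q)
    if fault_in_p:
        y1 ^= 1
    h = (y1 - y2) * Q_INV_P % P          # Garner: y = y2 + q * ((y1 - y2) * q^-1 mod p)
    return y2 + Q * h


def lenstra_factor(faulty_signature, x):
    """Lenstra's observation: y'^e - x is 0 mod q but not mod p, so gcd(y'^e - x, n) = q.

    With a correct signature the difference is 0 and gcd(0, n) = n, i.e. nothing leaks.
    """
    return gcd((pow(faulty_signature, E, N) - x) % N, N)


def compute_twice_sign(x, fault_in_p=False):
    """Boneh-DeMillo-Lipton countermeasure: run the computation twice and output
    nothing on disagreement.  The second run is assumed fault-free; cost is doubled."""
    first = crt_sign(x, fault_in_p)
    second = crt_sign(x)
    return first if first == second else None


if __name__ == "__main__":
    x = 0xC0FFEE123456789ABC             # constructed message representative, x < n
    good = crt_sign(x)
    bad = crt_sign(x, fault_in_p=True)
    print("signature verifies:", pow(good, E, N) == x)
    print("factor from faulty signature is q:", lenstra_factor(bad, x) == Q)
    print("compute-twice output under fault:", compute_twice_sign(x, fault_in_p=True))
```

The fault lands in the mod-p half, so the recovered factor is q; a fault in the mod-q half would hand over p instead. Note that the attack needs only the public exponent e and the one faulty output, which is why a CRT implementation must never release a signature it has not checked.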
The first technique is designed to protect non-CRT implementations of public key schemes against timing attacks. It is applicable to the RSA cryptosystem, RSA digital signature scheme, Diffie-Hellman key distribution scheme, and any other number theoretic scheme in which the black box raises a known input x to a fixed secret exponent d modulo a public n whose factorization is known to the black box.

The second technique is designed to protect CRT-based implementations of public key schemes from both timing and fault attacks. The main problem is how to verify the correctness of the computations of x_1^d (mod p) and x_2^d (mod q) without repeating them a second time (or verifying each step separately, which again doubles the running time). The invention provides a novel error-detection technique for such number theoretic computations which is much more efficient.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 shows schematically the method and apparatus of the invention as it relates to a first technique designed to protect non-CRT implementations of a public key scheme against timing attacks.

FIG. 2 shows schematically the method and apparatus of the invention as it relates to a second technique designed to protect CRT-based implementations of a public key scheme against both timing and fault attacks.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Referring now to the drawings, preferred embodiments will now be described in detail. Since public key schemes and computer hardware and software implementation are well known to those of skill in the art, no description of same is deemed necessary to a full, concise and exact understanding of the present invention.

We now describe two novel protective techniques for public key schemes, which provide strong protection against the described timing and fault attacks without incurring the twofold slowdown made necessary by the previously known protective techniques.

The first technique, shown in FIG. 1, is designed to protect non-CRT implementations of public key schemes against timing attacks. It is applicable to the RSA cryptosystem, RSA digital signature scheme, Diffie-Hellman key distribution scheme, and any other number theoretic scheme in which the black box 10 raises a known input x to a fixed secret exponent d modulo a public n whose factorization is known to the black box.

The main observation is that for each n there exists a number t=phi(n), box 12, such that for any x between 1 and n which is relatively prime to n, x^t=1 (mod n). This phi is called Euler's totient function: when n is prime, phi(n)=n-1, and when n=p*q, phi(n)=(p-1)*(q-1). The implementation can thus replace the computation of x^d (mod n) by the computation of x^(d+i*t) (mod n) for any integer i without changing the computed result, since x^(d+i*t)=(x^d)*(x^t)^i=(x^d)*1^i=x^d (mod n), box 14.

This equality can be shown to be true even when x is not relatively prime to n, but this case is unlikely to arise in practice. Note also that any integral multiple of LCM((p-1),(q-1)) (the Carmichael function lambda(n), which divides phi(n)) can replace phi(n) in our choice of t.

The proposed protection technique for public key schemes based on the modular exponentiation operation is to choose a new random secret i, box 16, in each computation, and to replace the computation of x^d (mod n) by the computation of x^(d+i*t) (mod n), where t is the precomputed value of phi(n). Since the bits of these (d+i*t) for the various i are different, each exponentiation uses a different sequence of square-and-multiply steps, and thus the attacker cannot use Kocher's timing attack to analyze the timing distribution of several exponentiations, even though all of them compute the same d-th power of their inputs x.

The efficiency of this technique is based on the fact that the randomizing element i can be chosen as a relatively small number. If n and d are 1024 bit numbers, and i is a random 32 bit number (which are the currently recommended sizes), d+i*t is a 1056 bit number. The process of raising the input x to the 1056 bit power d+i*t requires only 3% more square-and-multiply operations than the process of raising x to the original 1024 bit power d. This is much better than the alternative randomization technique described earlier, which doubles the running time.

The second technique, shown in FIG. 2, is designed to protect CRT-based implementations of public key schemes from both timing and fault attacks. The main problem is how to verify the correctness of the computations of x_1^d (mod p) and x_2^d (mod q) without repeating them a second time (or verifying each step separately, which again doubles the running time). We now describe a novel error-detection technique for such number theoretic computations which is much more efficient.

In each computation, the black box 20 chooses a new random integer j (the recommended size of j is also 32 bit), box 22. Instead of computing x_1=x (mod p) and x_2=x (mod q) followed by y_1=x_1^d (mod p) and y_2=x_2^d (mod q), the box computes v_1=x (mod j*p), v_2=x (mod j*q), d_1=d (mod phi(j*p)) and d_2=d (mod phi(j*q)), box 24 (for a prime j different from p and q, phi(j*p)=(j-1)*(p-1) and phi(j*q)=(j-1)*(q-1)), followed by w_1=v_1^d_1 (mod j*p) and w_2=v_2^d_2 (mod j*q), box 26.

The main observation is that from w_1 and w_2 it is easy to derive y_1 and y_2 by further reductions (namely, y_1=w_1 (mod p) and y_2=w_2 (mod q)), box 28, and thus it is easy to compute the final result y by the Chinese Remainder Theorem, box 30. However, we can also obtain the value of x^d (mod j) in two different ways: as w_1 (mod j) and as w_2 (mod j), box 32. We can now use the equality of these two values (which were obtained from the two halves of the computation, and mixed with the derivation of y_1, y_2 in a very strong way), box 34, as a test of correctness: In a faultless computation the two values will always be the same, whereas in a faulty computation (with random faults) the probability that the two values will be the same is about 1/(2^32), see decision box 36 in which an abort is commanded for a faulty computation. This error detection technique is thus sufficient for any application in which the total number of modular exponentiations is significantly smaller than 2^32 (about 4 billion).

The overall time complexity of this implementation is higher by a few percent than the time complexity of standard implementations, since the exponentiations are carried out modulo 512+32=544 bit moduli j*p and j*q instead of 512 bit moduli p and q. However, this is much faster than repeating each exponentiation a second time to verify its correctness.

An additional benefit of this randomization technique is that it also provides protection from timing attacks at no extra cost. Kocher's original attack on CRT-based implementations concentrates on the initial modular reduction (mod p), and uses binary search to find increasingly accurate approximations of p from multiple computations. By using our proposed technique, each computation uses a different modulus j*p in its initial reduction step, and thus the attacker cannot refine his knowledge of the modulus by analyzing a large number of exponentiations.
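The first technique (FIG. 1) as an added example that is not the patent's own code, with the message-blinding countermeasure from the Background included for comparison. Assumptions: a constructed toy RSA key (two Mersenne primes), a fresh 32-bit secret i per call unless one is passed in for reproducibility, and t taken as either phi(n) or lcm(p-1, q-1). Each exponentiation also returns its square/multiply trace ('S'/'M'), which is what a timing attacker tries to learn and what exponent blinding changes from run to run.

```python
import secrets
from math import gcd

# Constructed toy key (two Mersenne primes); real keys use 1024-bit or larger random primes.
P, Q = (1 << 31) - 1, (1 << 61) - 1
N, E = P * Q, 65537
PHI = (P - 1) * (Q - 1)                           # Euler's phi(n)
LAMBDA = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # lcm(p-1, q-1): the smallest valid t
D = pow(E, -1, PHI)                               # Python 3.8+ modular inverse


def square_and_multiply(x, e, n):
    """Left-to-right square-and-multiply; also returns the operation sequence
    ('S' = square, 'M' = multiply) that a timing attacker tries to recover."""
    acc, trace = 1, []
    for bit in bin(e)[2:]:
        acc = acc * acc % n
        trace.append("S")
        if bit == "1":
            acc = acc * x % n
            trace.append("M")
    return acc, "".join(trace)


def exponent_blinded(x, d, n, t, i=None, k=32):
    """Technique 1 of the patent: compute x^(d + i*t) with a fresh secret k-bit i.

    t must be a multiple of lcm(p-1, q-1) (phi(n) or lambda(n) both qualify); then
    the result equals x^d mod n for every x, while the bit pattern of the exponent,
    and hence the S/M trace, changes on every call.  i may be passed explicitly so
    that a test can be reproducible.
    """
    if i is None:
        i = secrets.randbits(k)
    return square_and_multiply(x, d + i * t, n)


def message_blinded(x, d, n):
    """The earlier countermeasure: randomise the base, x^d = (x*r)^d / r^d.
    Two full-length exponentiations with exponent d, so exactly twice the work."""
    while True:
        r = secrets.randbelow(n - 1) + 1          # r in [1, n-1]
        if gcd(r, n) == 1:                        # needed for the inverse of r^d
            break
    yd, trace_y = square_and_multiply(x * r % n, d, n)
    rd, trace_r = square_and_multiply(r, d, n)
    return yd * pow(rd, -1, n) % n, trace_y + trace_r


def operation_counts(x, i=None):
    """(ops for plain x^d, ops with exponent blinding, ops with message blinding)."""
    plain = len(square_and_multiply(x, D, N)[1])
    blinded = len(exponent_blinded(x, D, N, PHI, i)[1])
    message = len(message_blinded(x, D, N)[1])
    return plain, blinded, message


if __name__ == "__main__":
    x = 0xC0FFEE123456789ABC                      # constructed input, x < n
    ref = pow(x, D, N)
    y1, t1 = exponent_blinded(x, D, N, PHI)
    y2, t2 = exponent_blinded(x, D, N, LAMBDA)
    print("results agree:", ref == y1 == y2 == message_blinded(x, D, N)[0])
    print("three distinct traces:", len({t1, t2, square_and_multiply(x, D, N)[1]}) == 3)
    print("ops (plain, exponent-blinded, message-blinded):", operation_counts(x))
```

With a 32-bit i the blinded exponent is 32 bits longer than d, so the extra work is roughly 32 squarings and 16 multiplications regardless of the key size, which is the 3% figure for 1024-bit keys; message blinding always costs twice the plain exponentiation because both of its exponentiations use the full exponent d.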

There are many optimizations and variations of this 
technique, which should be obvious to anyone skilled in the 
art. For example, it is possible to impose additional restric- 
tions (such as primality) on the choice of the small multiplier 
j which make it somewhat less likely that faulty computa- 
tions will remain undetected. Another modification of the 
technique is to test each half of the computation by a 
separate recomputation modulo a different small modulus, 
rather than by comparing the two results modulo a common 
small modulus. More precisely, the implementation can 
choose two small numbers j_l and j_2, and then compute 
the following quantities: 

v_1=x (mod j_1*p), v_2=x (mod j_2*q), v_3=x (mod j_1), v_4=x (mod j_2);

d_1=d (mod phi(j_1*p)), d_2=d (mod phi(j_2*q)), d_3=d (mod phi(j_1)), d_4=d (mod phi(j_2));

w_1=v_1^d_1 (mod j_1*p), w_2=v_2^d_2 (mod j_2*q), w_3=v_3^d_3 (mod j_1), w_4=v_4^d_4 (mod j_2).

To check the correctness of the computation, the black box verifies that w_1=w_3 (mod j_1) and w_2=w_4 (mod j_2). The only expensive operations are the computation of w_1 and w_2, since the small exponentiations in the computation of w_3 and w_4 are very efficient. This recomputation technique is slower than the original comparison technique, but may be slightly more resistant to certain types of non-random faults.
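The second technique (FIG. 2) with its single comparison modulo j, and the j_1/j_2 recomputation variant just described, as an added example that is not the patent's code. Assumptions: a constructed toy RSA key (two Mersenne primes); j drawn as a random 32-bit prime, using a deterministic Miller-Rabin test included here, so that phi(j*p)=(j-1)*(p-1) holds exactly; and a fault modelled as one flipped bit in w_1 or w_2 before the check. Prime moduli may be passed in explicitly for reproducible runs.

```python
import secrets

# Constructed toy key (two Mersenne primes); real keys use large random primes.
P, Q = (1 << 31) - 1, (1 << 61) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # Python 3.8+ modular inverse
Q_INV_P = pow(Q, -1, P)                 # q^-1 mod p, for Garner's CRT recombination


class FaultDetected(Exception):
    """Raised instead of outputting a signature when the two halves disagree."""


def is_prime_u32(n):
    """Deterministic Miller-Rabin: bases 2, 7, 61 are exact for all n < 4,759,123,141."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 61):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in (2, 7, 61):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime_32():
    """A fresh secret 32-bit prime j; prime so that phi(j*p) = (j-1)*(p-1) exactly."""
    while True:
        j = secrets.randbits(32) | (1 << 31) | 1
        if is_prime_u32(j):
            return j


def crt_combine(y1, y2):
    """Garner's recombination: y = y2 + q * ((y1 - y2) * q^-1 mod p)."""
    return y2 + Q * ((y1 - y2) * Q_INV_P % P)


def sign_checked(x, j=None, fault=None):
    """x^d mod n via the CRT with the patent's single-comparison check (FIG. 2).

    fault='p' or 'q' flips one bit of w_1 or w_2, a constructed stand-in for a glitch.
    """
    j = j or random_prime_32()
    d1 = D % ((j - 1) * (P - 1))            # d mod phi(j*p)
    d2 = D % ((j - 1) * (Q - 1))            # d mod phi(j*q)
    w1 = pow(x % (j * P), d1, j * P)
    w2 = pow(x % (j * Q), d2, j * Q)
    if fault == 'p':
        w1 ^= 1
    if fault == 'q':
        w2 ^= 1
    if w1 % j != w2 % j:                    # both halves equal x^d mod j when faultless
        raise FaultDetected("halves disagree modulo j")
    return crt_combine(w1 % P, w2 % Q)


def sign_checked_two_moduli(x, j1=None, j2=None, fault=None):
    """Variant: check each half against a cheap recomputation modulo its own small prime."""
    j1, j2 = j1 or random_prime_32(), j2 or random_prime_32()
    w1 = pow(x % (j1 * P), D % ((j1 - 1) * (P - 1)), j1 * P)
    w2 = pow(x % (j2 * Q), D % ((j2 - 1) * (Q - 1)), j2 * Q)
    w3 = pow(x % j1, D % (j1 - 1), j1)      # exponent d mod phi(j1): a 32-bit exponentiation
    w4 = pow(x % j2, D % (j2 - 1), j2)
    if fault == 'p':
        w1 ^= 1
    if fault == 'q':
        w2 ^= 1
    if w1 % j1 != w3 or w2 % j2 != w4:
        raise FaultDetected("a half disagrees with its recomputation")
    return crt_combine(w1 % P, w2 % Q)


def detects_fault(signer, x, fault):
    """True when the checked signer refuses to output for the given injected fault."""
    try:
        signer(x, fault=fault)
    except FaultDetected:
        return True
    return False
```

sign_checked(x) returns the ordinary signature x^d mod n; with a fault injected it raises instead of releasing the corrupted value that the gcd attack would factor. Two practitioner caveats: the moduli j*p and j*q are only 32 bits longer than p and q, which is where the few-percent overhead comes from, and the comparison-and-abort is itself an attractive target for an attacker who can skip a single instruction, so hardened implementations also protect that branch (for instance by evaluating the check redundantly) rather than trusting one conditional.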

While the invention has been described with respect to 
certain embodiments thereof, it will be appreciated by one 
skilled in the art that variations and modifications may be 
made without departing from the spirit and scope of the 
invention. 
What is being claimed is:

1. In a method of implementing public key schemes
containing the non-CRT form of the modular exponentiation
operation x^d (mod n), the improvement comprising the
steps of:

computing or storing the computed value of t=phi(n),
where phi is Euler's totient function of the modulus n;

selecting some secret integer i; and

replacing the computation of x^d (mod n) by the computation of x^(d+i*t) (mod n);

thereby increasing public key scheme resistance to timing 
attacks without a twofold slowdown in computation 
time. 

2. In the method of claim 1, the further improvement 
where i is chosen as a random number in the range for some 
k. 

3. In the method of claim 2, the further improvement 
where k=32. 

4. In a method of implementing public key schemes 
containing the CRT form of the modular exponentiation 
operation x^d (mod n) where n=p*q, the improvement
comprising the steps of:
selecting some secret integer j;

computing v_1=x (mod j*p), v_2=x (mod j*q), d_1=d
(mod phi(j*p)), d_2=d (mod phi(j*q)), w_1=v_1^d_1
(mod j*p), and w_2=v_2^d_2 (mod j*q);

aborting the computation if w_1 and w_2 are not equal
modulo j; and

otherwise, computing y_1=w_1 (mod p), y_2=w_2
(mod q), and combining them by the Chinese Remainder Theorem to obtain the result of x^d (mod n);

thereby increasing public key scheme resistance to timing 
and fault attacks without a twofold slowdown in com- 
putation time. 

5. In the method of claim 4, the further improvement 
where j is chosen as a prime number. 

6. In the method of claim 5, the further improvement 
where k=32. 

7. In the method of claim 4, the further improvement 
where j is chosen as a random number in the range for some 
k. 

8. In a method of implementing public key schemes
containing the CRT form of the modular exponentiation
operation x^d (mod n) where n=p*q, the improvement
comprising the steps of:

selecting two secret integers j_1 and j_2;

computing v_1=x (mod j_1*p), v_2=x (mod j_2*q),
d_1=d (mod phi(j_1*p)), d_2=d (mod phi(j_2*q)),
w_1=v_1^d_1 (mod j_1*p), and w_2=v_2^d_2
(mod j_2*q);

computing v_3=x (mod j_1), v_4=x (mod j_2), d_3=d
(mod phi(j_1)), d_4=d (mod phi(j_2)), w_3=v_3^d_3 (mod
j_1), and w_4=v_4^d_4 (mod j_2);

aborting the computation if w_3 is not equal to w_1
modulo j_1, or if w_4 is not equal to w_2 modulo
j_2; and

otherwise, computing y_1=w_1 (mod p), y_2=w_2
(mod q), and combining them by the Chinese Remainder Theorem to obtain the result of x^d (mod n);

thereby increasing public key scheme resistance to timing 
and fault attacks without a twofold slowdown in com- 
putation time. 

9. In the method of claim 8, the further improvement 
where j_l and j_2 are prime numbers. 

10. In the method of claim 8, the further improvement 
where j_l and j_2 are chosen as random numbers in the 
range for some k. 

11. In the method of claim 10, the further improvement 
where k=32. 

12. In an apparatus for implementing public key schemes
containing the non-CRT form of the modular exponentiation
operation x^d (mod n), the improvement comprising:

means for computing or storing the computed value of
t=phi(n), where phi is Euler's totient function of the
modulus n;

means for selecting some secret integer i; and

means for replacing the computation of x^d (mod n) by the
computation of x^(d+i*t) (mod n);
thereby increasing public key scheme resistance to timing 

attacks without a twofold slowdown in computation 

time. 

13. In the apparatus according to claim 12, the improve- 
ment where i is chosen as a random number in the range for 
some k. 
14. In the apparatus according to claim 13, the further
improvement where k=32.

15. In an apparatus for implementing public key schemes
containing the CRT form of the modular exponentiation
operation x^d (mod n) where n=p*q, the improvement
comprising:

means for selecting some secret integer j;

means for computing v_1=x (mod j*p), v_2=x (mod
j*q), d_1=d (mod phi(j*p)), d_2=d (mod phi(j*q)),
w_1=v_1^d_1 (mod j*p), and w_2=v_2^d_2 (mod
j*q);

means for aborting the computation if w_1 and w_2 are
not equal modulo j; and

otherwise, means for computing y_1=w_1 (mod p),
y_2=w_2 (mod q), and combining them by the Chinese Remainder Theorem to obtain the result of x^d
(mod n);

thereby increasing public key scheme resistance to timing 
and fault attacks without a twofold slowdown in com- 
putation time. 

16. In the apparatus according to claim 15, the further
improvement where j is chosen as a prime number.

17. In the apparatus according to claim 16, the further 
improvement where k=32. 

18. In the apparatus according to claim 15, the further 
improvement where j is chosen as a random number in the 
range for some k. 

19. In an apparatus for implementing public key schemes
containing the CRT form of the modular exponentiation
operation x^d (mod n) where n=p*q, the improvement
comprising:

means for selecting two secret integers j_1 and j_2;

means for computing v_1=x (mod j_1*p), v_2=x (mod
j_2*q), d_1=d (mod phi(j_1*p)), d_2=d (mod phi
(j_2*q)), w_1=v_1^d_1 (mod j_1*p), and w_2=v_2^d_2
(mod j_2*q);

means for computing v_3=x (mod j_1), v_4=x (mod
j_2), d_3=d (mod phi(j_1)), d_4=d (mod phi(j_2)),
w_3=v_3^d_3 (mod j_1), and w_4=v_4^d_4 (mod j_2);

means for aborting the computation if w_3 is not equal to
w_1 modulo j_1, or if w_4 is not equal to w_2
modulo j_2; and

otherwise, means for computing y_1=w_1 (mod p),
y_2=w_2 (mod q), and combining them by the Chinese Remainder Theorem to obtain the result of x^d
(mod n);

thereby increasing public key scheme resistance to timing 
and fault attacks without a twofold slowdown in com- 
putation time. 

20. In the apparatus according to claim 19, the further 
improvement where j_l and j_2 are prime numbers. 

21. In the apparatus according to claim 19, the further 
improvement where j_l and j_2 are chosen as random 
numbers in the range for some k. 

22. In the apparatus according to claim 21, the further
improvement where k=32.